Concise Cyber

Windows 11 KB5067036 Update Deploys New Administrator Protection Security Feature

Microsoft has begun rolling out a significant security enhancement for Windows 11 with the release of the KB5067036 preview update. This optional update for Windows 11 version 24H2 introduces a new feature named Administrator Protection, designed to harden the operating system against privilege escalation attacks as part of the company’s Secure by Default initiative.

The feature, also referred to as “Admin JIT” (Just-in-Time), fundamentally changes how administrative tasks are approved on the system. It aims to reduce the attack surface by ensuring that administrative privileges are only granted on a per-task basis after explicit user verification, even for users already logged into an administrator account.

How Administrator Protection Enhances Security

Previously, users with administrator accounts could approve high-privilege operations through a simple “Yes” or “No” User Account Control (UAC) prompt. With Administrator Protection enabled, this process is now more secure. When an administrator attempts to perform an action requiring elevated rights, such as running Task Manager with admin privileges, they will face a UAC prompt that requires re-authentication.

This verification step requires the user to enter their account password or confirm with a biometric method such as Windows Hello. By requiring this explicit approval, the feature helps prevent malware that has compromised an administrator’s session from silently elevating its privileges to perform malicious activities, such as disabling security software or deploying ransomware across a network.

Rollout and Availability Details

The Administrator Protection feature is enabled by default on all new devices that ship with Windows 11, version 24H2. For existing systems that are upgraded to version 24H2, Microsoft has stated the feature will be enabled in a future update. The current deployment is part of the KB5067036 optional, non-security preview update, which allows IT administrators and users to test the functionality before it is included in subsequent mandatory security updates.

David Weston, Microsoft’s Vice President of Enterprise and OS Security, confirmed the rollout of the feature, highlighting its role in making it more difficult for attackers to move laterally and escalate privileges within a compromised environment.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5067036-update-rolls-out-administrator-protection-feature/